ext-ms-win-kernelbase-processthread-l1-1-0[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ext-ms-win-kernelbase-processthread-l1-1-0.dll
Size

3KB
MD5

a72631c1272e3d207479c8860d0bb16a
SHA1

fe05266a084a186659a027728bcb1eca52179994
SHA256

9b79bb9142e582be94c40acf8b50353d2216d489981279a923769e78c1fa9972
SHA512

f8671a226a707e4b953b32ef9505bfeaf2e97b0a48333c22efe4ea6345344e25868696ff0b3cc3b3da1d8a8ecab88e8b85e4a14d4f6ecf600d5846650889eef0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ext-ms-win-kernelbase-processthread-l1-1-0.dll

Files

ext-ms-win-kernelbase-processthread-l1-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ext-ms-win-kernelbase-processthread-l1-1-0.pdb

Exports

Exports

BaseCheckElevation
BaseDestroyVDMEnvironment
BaseElevationPostProcessing
BaseIsDosApplication
BaseUpdateVDMEntry
BaseWriteErrorElevationRequiredEvent
BasepAppContainerEnvironmentExtension
BasepAppXExtension
BasepCheckWebBladeHashes
BasepCheckWinSaferRestrictions
BasepConstructSxsCreateProcessMessage
BasepFreeAppCompatData
BasepGetAppCompatData
BasepIsProcessAllowed
BasepPostSuccessAppXExtension
BasepProcessInvalidImage
BasepQueryAppCompat
BasepReleaseAppXContext
BasepReleaseSxsCreateProcessUtilityStruct
NtVdm64CreateProcessInternalW
RaiseInvalid16BitExeError

Sections

.text
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ